Posted Jul 8, 2009 18:52 UTC (Wed) by nix (subscriber, #2304)
Parent article: Transcendent memory
"the need to guess a 128-bit UUID first has proved not to be sufficiently
reassuring"? This is mystifying. If it's sufficiently random (which as a
UUID it had better be), brute-forcing any of the pool IDs is going to be
next to impossible. Are people with 128-bit secret keys worried that
someone is going to guess their key by brute force? No: they're worried
about attacks that avoid brute-forcing and reduce the search space.